Tree Of Thoughts

Security checks across malware telemetry and agentic risk

Overview

This is a reasoning-method skill with disclosed local caching/logging notes and an incomplete wrapper, but no evidence of hidden access, exfiltration, destructive behavior, or unsafe automatic execution.

Install only if you are comfortable with a reasoning aid that may document or cache problem statements, decisions, and outcomes. Avoid using it with confidential prompts unless caching/logging is disabled or the memory files are managed, and review any future tree_of_thoughts.py implementation before relying on runtime behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding:
This reasoning skill goes beyond advisory content and instructs persistent logging of Tree-of-Thought sessions into local memory files, including decisions, rationale, and outcomes. For a reasoning helper, this creates unnecessary workspace persistence and may capture sensitive prompts, plans, or internal project details without clear user consent or data-minimization boundaries.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding:
The documented creation of local memory files is not necessary to fulfill the core purpose of multi-path reasoning guidance, so it expands the skill's behavior into stateful data collection without adequate justification. This increases the chance of unintended data retention, leakage of sensitive problem statements, and silent modification of the user's workspace.

Missing User Warnings

Low
Confidence: 83%
Finding:
The example instructs creation of log files in the workspace but gives no warning that the skill may modify user files or persist artifacts. Even if the writes are small, undisclosed state changes can surprise users, clutter repositories, and create accidental disclosure if those files are later committed or shared.

VirusTotal

66/66 vendors flagged this skill as clean.
